Untitled

a guest
Nov 21st, 2021
Oracle Cloud Firewall How To.

Inside the WebAdmin App:

Hamburger Menu > Pinned Links > Compute / Instances

Click on your instance name

Under Primary VNIC

Click on the Subnet: link

Under Security Lists

Click on Default Security List for subnet name

Under Ingress Rules

Click Add Ingress Rules

For each Rule:

Source CIDR: 0.0.0.0/0

IP Protocol: TCP

Destination Port Range: 6667

Click "Add Ingress Rules"

and click Add Ingress Rules again...

Fill in the fields as before, but use the following destination port ranges, one per rule: 6697, 6900

Repeat the above with ::/0 as the Source CIDR for IPv6

It should look similar to this when done:

https://i.imgur.com/SzPFQha.png

You may need to click "Egress Rules" under "Resources" in the sidebar

and add two Egress Rules.

One for Destination CIDR: 0.0.0.0/0

And one for Destination CIDR: ::/0

It should look like this when done: https://i.imgur.com/oFjS0E1.png

--- If you installed the Oracle distro
sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
sudo firewall-cmd --reload
------

Further Firewall opening:

Inside the SSH Prompt for Ubuntu servers:

iptables firewall unlocking (you may need to do this more than once, like after a server reboot)

sudo nano /etc/iptables/rules.v4

Remove these two lines:

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Save.

Then:

sudo iptables -L INPUT

If this still shows:

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Do this:

sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

---

That SHOULD do it at least for IPv4.
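
A variant of the rules.v4 edit above that keeps the INPUT REJECT rule and inserts ACCEPT rules for 6667, 6697 and 6900 ahead of it, so only those ports are opened on the host. This is an added example, not part of the original paste; the function name and the sample ruleset are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the paste. Reads an iptables-save style ruleset
# (the format of /etc/iptables/rules.v4) on stdin and prints it with ACCEPT
# rules for the given TCP ports inserted directly above the INPUT REJECT
# rule, which is kept. Exits 3 if the ruleset has no such REJECT rule.
allow_ports_before_reject() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        # Note ports that already have an INPUT ACCEPT rule above the REJECT.
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") have[$(i + 1)] = 1
        }
        # Rules match top-down, so the new ACCEPTs must precede the REJECT.
        /^-A INPUT -j REJECT/ && !inserted {
            for (i = 1; i <= n; i++) {
                if (want[i] in have) continue
                print "-A INPUT -p tcp -m state --state NEW -m tcp --dport " want[i] " -j ACCEPT"
                have[want[i]] = 1
            }
            inserted = 1
        }
        { print }
        END { if (!inserted) exit 3 }
    '
}

# Constructed sample ruleset (assumed layout, not copied from the paste).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Demo on the sample. On a server: run it over /etc/iptables/rules.v4, write
# the result to a new file, and check that with "sudo iptables-restore --test".
printf '%s\n' "$SAMPLE_RULES" | allow_ports_before_reject 6667 6697 6900
```

Running the function a second time over its own output adds nothing, so it is safe to reapply after a reboot or image update rewrites the file.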